silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,148
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).
The bug (CVE-2021-32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices.
The potential issues stemming from unauthorized viewing of feeds from these devices are myriad: For critical infrastructure operators and enterprises, video-feed interceptions could reveal sensitive business data, production/competitive secrets, information on floorplans for use in physical attacks, and employee information. And for home users, the privacy implications are obvious.
In its alert, issued Tuesday, CISA said that so far, no known public exploits are targeting the bug in the wild yet.
Millions of Connected Cameras Open to Eavesdropping
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
threatpost.com